This topic describes the terms related to Resource Management.
Terms related to Resource Directory
|enterprise management account||
An enterprise management account is an account that is used to enable a resource directory and is the super administrator of the resource directory. The enterprise management account has all administrative permissions on the resource directory and the member accounts in the resource directory. Only an Alibaba Cloud account that has passed enterprise real-name verification can be used as an enterprise management account. Each resource directory has only one enterprise management account.
To ensure the security of the enterprise management account, we recommend that you use a new Alibaba Cloud account as the enterprise management account. In addition, you can create a RAM user for the enterprise management account and grant administrator permissions to the RAM user. This way, you can use this RAM user to manage the entire resource directory. All operations in a resource directory must be performed by its enterprise management account or a RAM user that has the required permissions.
Note An enterprise management account does not belong to a resource directory and is not limited by the management policies of a resource directory.
|Root folder||The Root folder is the parent folder of all the other folders in a resource directory. These folders are organized in a hierarchy that starts from the Root folder.|
|folder||A folder is an organizational unit in a resource directory. A folder may indicate a branch, line of business, or project of an enterprise. Each folder can contain member accounts and child folders, which forms a tree-shaped organizational structure.|
A member account serves as a container for resources and is also an organizational unit in a resource directory. A member account indicates a project or application. The resources of different member accounts are isolated. You can use an enterprise management account to authorize RAM users, user groups, or roles to access the resources of member accounts.
The following types of member accounts are supported:
Terms related to Resource Group
You can sort resources that belong to your Alibaba Cloud account into various resource groups. This simplifies resource and permission management within your Alibaba Cloud account.
Terms related to Resource Sharing
|resource share||A resource share is an instance of the Resource Sharing service. It is also a cloud resource and has a unique ID and an Alibaba Cloud Resource Name (ARN). A resource share consists of a resource owner, shared targets, and shared resources.|
|resource owner||A resource owner initiates resource sharing and owns shared resources. It is the master account or a member account of a resource directory.|
|shared target||A shared target shares the resources of resource owners. It has specific operation
permissions on the shared resources. A shared target is a member account of a resource
directory. Multiple shared targets can share the same resource.
Note The operation permissions of each shared target on the shared resources are determined based on the Alibaba Cloud service to which the resources belong. For example, the operation permissions of shared targets on the shared vSwitches in a VPC are determined based on the VPC service. For more information, see Permissions related to VPC sharing.
|shared resource||A shared resource is a resource of an Alibaba Cloud service, such as a vSwitch in a VPC.|
Terms related to Tag
A tag consists of a key-value pair.
|custom tag||A custom tag is created by a user. For more information, see Add a tag.|
|system tag||A system tag is defined by the system. You can only query system tags.|